Let in a program a variable 'x' is tainted. There is an assignment 'y=x' where y is untainted. How to check the taintflow in the output or data flow graph ? Any suggestions? Thank you. Have a great day. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20190912/5bb3655c/attachment.html>
On 12/09/2019 06:02, Priyanka Panigrahi via llvm-dev wrote: Let in a program a variable 'x' is tainted. There is an assignment 'y=x' where y is untainted. How to check the taintflow in the output or data flow graph ? I'm not involved in it, but you might be interested in the DataFlowSanitizer, dfsan: https://clang.llvm.org/docs/DataFlowSanitizer.html, which sounds like it can do what you want. I'd be interested to hear in other answers to this question, too. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20190912/689a3e00/attachment.html>
Thanks, I will check it out. There is another tool for taint analysis, taintgrind. I am not able to find any relevant output yet. I am new to this area, still exploring. On Thu, Sep 12, 2019 at 1:56 PM Peter Waller <Peter.Waller at arm.com> wrote:> On 12/09/2019 06:02, Priyanka Panigrahi via llvm-dev wrote: > > Let in a program a variable 'x' is tainted. There is an assignment 'y=x' > where y is untainted. > How to check the taintflow in the output or data flow graph ? > > I'm not involved in it, but you might be interested in the > DataFlowSanitizer, dfsan: > https://clang.llvm.org/docs/DataFlowSanitizer.html, which sounds like it > can do what you want. > > I'd be interested to hear in other answers to this question, too. >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20190912/e1962cc0/attachment.html>
I feel there is more context needed to answer this question. On 09/12, Priyanka Panigrahi via llvm-dev wrote:> Let in a program a variable 'x' is tainted. There is an assignment 'y=x' > where y is untainted. > How to check the taintflow in the output or data flow graph ? > > Any suggestions? > > Thank you. Have a great day.> _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org > https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev-- Johannes Doerfert Researcher Argonne National Laboratory Lemont, IL 60439, USA jdoerfert at anl.gov -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: not available URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20190914/39b9da69/attachment.sig>